MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames
|ID: oval:org.secpod.oval:def:14661||Date: (C)2013-08-13 (M)2017-10-26|
|Class: COMPLIANCE||Family: windows|
Windows Server operating systems support 8.3 file name formats for backward compatibility with16-bit applications. The 8.3 file name convention is a naming format that allows file names up to eight characters long. The registry value entry NtfsDisable8dot3NameCreation was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\ registry key. The entry appears as MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames in the SCE.
Windows supports 8.3 file name formats for backward compatibility with 16-bit applications. (The 8.3 file name convention is a naming format that allows file names that are up to eight characters in length, plus a three-character file type.)
If you allow 8.3 style file names, an attacker only needs eight characters to refer to a file that may be 20 characters long. For example, a file named Thisisalongfilename.doc could be referenced by its 8.3 file name, Thisis~1.doc. If you do not use 16-bit applications, you can turn this feature off. Also, directory enumeration performance is improved if you disable short-name generation on an NTFS file system partition.
Attackers could use short file names to access data files and applications with long file names that would normally be difficult to locate. An attacker who has gained access to the file system could access data or run applications.
Configure the NtfsDisable8dot3NameCreation entry to a value of 1 (enabled).
Any 16-bit applications in your organization will not be able to read, write or modify files unless the filename uses the 8.3 format, after the NtfsDisable8dot3NameCreation setting is enabled, those applications will not be able to write any new files. Some 32-bit applications also rely on the presence of short names, because short names tend not to contain embedded spaces and, therefore, do not require quotation marks when used in command lines. The installation routines for some programs may fail.
If you apply this entry to a server that already has files with autogenerated 8.3 file names, it does not remove them. To remove existing 8.3 file names, you must copy those files off the server, delete the files from the original location, and then copy the files back to their original locations.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem!NtfsDisable8dot3NameCreation
|Microsoft Windows 7|